Over the last decade, malicious software (malware) attacks have become a pervasive problem for Internet users and enterprise network administrators. In most situations, malware is a program or file that is embedded within downloadable content and designed to adversely influence, undermine, disrupt, alter or otherwise attack normal operations of an electronic device (e.g. computer, tablet, smartphone, server, router, wearable technology, or other types of products with data processing capability). Examples of different types of malware may include bots, computer viruses, worms, Trojan horses, spyware, adware, or any other programming that operates within an electronic device without permission by the user or a system administrator.
For instance, content may be embedded with objects associated with a web page hosted by a malicious web site. By downloading this content, malware may be received as imbedded objects. For example, malware may caused another web page to be requested from a malicious web site may be unknowingly installed on the computer. Similarly, malware may also be installed on a computer upon receipt or opening of an electronic mail (email) message. As an example, an email message may contain an attachment, such as a Portable Document Format (PDF) document, with embedded executable malware. Also, malware may exist in files infected through any of a variety of attack vectors, which are uploaded from an infected computer onto a networked storage device such as a file share.
Over the past few years, various types of security appliances have been deployed within an enterprise network in order to detect behaviors that signal the presence of malware. Often, conventional security appliances are not capable of detecting zero-day attacks. A “zero-day” attack typically poses the greatest threat to an enterprise network as these types of attacks are designed to exploit a previously unknown vulnerability within software executing on one or more targeted electronic devices, and often constitutes a previously unseen type of malware.
As a result, due to difficulties in detecting zero-day attacks by conventional security appliances, customers, software developers and the public at large do not receive warnings regarding detected zero-day threats in an expeditious manner.